4 minute read
The Practice is Always a Tenant
By rich A. cAmPBell, iii ccim
Many medical practices assume that owning their real estate is something to be aspired to, while in reality owning the property where a medical practice sees patients may not always be the best option. When weighing out leasing versus owning, it is important to look at the occupancy cost of leasing regardless of the ownership of the physical building. There are plenty of instances where leasing creates not only a more flexible arrangement, but may also be the better financial decision as well. In any event, the practice itself should never be the purchasing entity of a real estate asset. The practice needs to always be a tenant through a lease that is signed with a separate building ownership.
When searching for real estate, the practice must do so with the intent of taking care of “practice needs” as the most important priority. Ownership should be of lesser importance. Once the appropriate location is determined, the practice should be prepared to sign a lease agreement with whomever the owner is, regardless if members of the practice also own the building. If there is an ownership opportunity available, the owners of the practice will want to run a pro forma to assess the value of ownership of the building. The pro forma helps determine what the cost of occupancy (rent plus expenses) needs to be to create a viable purchase opportunity. The cost of occupancy that is in the practice lease has to be a fair market value rent and not a “boosted” rent to justify the purchase of the asset.
In purchasing the real estate, a separate building ownership is typically in the form of a limited liability company
(LLC). This LLC will own 100 percent of the building with the physicians having the option to own portions of the LLC or the entire LLC. The cleanest way in which to set up the LLC is when the owners of the practice acquire the same percentage of ownership in the real estate LLC, however this set up is not mandatory. As the practice moves forward, a buy/sell provision can be incorporated to accommodate any makeup of ownership that is not equal. Buy/ sell provisions can be found within the Operating Agreement and the provision will exist with or without equal ownership. Having a good buy/sell provision in the beginning of a new acquisition may save partners from unnecessary emotional hardship when they need to move in and out of the LLC. The management and control of the LLC is also very flexible and can be drafted in the operating agreement to give control elements to an LLC manager even if they are not 51 percent owners of the LLC.
Most medical building acquisitions involve properties that are either nonmedical buildings needing to be converted to medical, or existing medical buildings that require a good amount of work to accommodate the new practice needs. If a fair market deal is achievable and maintained, there are some advantages of being an owner occupant, including the ability to contain turn-key tenant improvements in the budget, financing the improvements over 20 to 25 years which may render financial benefits, possibly limit up-front cash, and keep the occupancy cost lower for the tenant.
The bottom line is that it is imperative that the practice is not unnecessarily weighed down
Jasper
Do I Believe You? Scienter Standard in a FCA Case, continued
the highly-regulated healthcare industry. When it comes to billing issues associated with Medicare, it is oftentimes hard for providers to obtain guidance, even when requested. Further, by reaching out for guidance, a provider may actually be highlighting that it knows there is ambiguity and risks involved, and thus essentially prove for the government that it satisfies the scienter standard under the FCA. In light of these opinions, providers must exercise extreme caution in situations where the guidance is unclear. The provider must decide if it moves forward with what it believes to be a rea- from page 10 sonable interpretation of the guidance, even though there is a doubt that the interpretation may be incorrect.
While the recent decision is significant, it leaves many questions unanswered and some items left to be litigated regarding the scienter requirement under the FCA.
Kelli Fleming is a Partner at Burr & Forman LLP practicing exclusively in the firm’s Health Care Practice Group. Kelli may be reached at (205) 458-5429 or kfleming@burr.com. Jim Hoover is a Partner at Burr & Forman LLP practicing exclusively in the firm’s Health Care Practice Group. Jim may be reached at (205) 458-5111 or jhoover@burr.com.
Building MFA into the Workflow,
continued from page 7 replace entering the sent code into the website or app with simply punching “yes” in response to a push notification. Cybercriminals found that if they sent a bunch of push notifications at awkward times, like in the night or during mealtimes, people got frustrated by the endless alerts and finally hit ‘yes.’ “It’s a convenience, but it turned out to be a bad thing,” Dorsey says. “You want the authenticator app to give you a number to put back into the website. That’s considered about the safest option.”
The unending need to adapt can frustrate people. “Doctors say MFA is too much, so they just don’t do it, and that’s the wrong choice,” Dorsey says. “These types of authentications are never going to be bulletproof, but they are HIPAA-proof. And there’s a way to do it and not kill your workflow.”
HIPAA Oversights by Practices in IT,
continued from page 9 you have sensitive information on your devices,” Woods says. “For HIPAA compliance, all of these exposures and how they are being addressed need to be documented in policies.”
“Set things up as zero trust,” Shoe says, as a way to interpret HIPAA compliance. A zero trust approach to IT assumes that any person, device, or service attempting to access the practice’s data, even from inside the network, cannot automatically be trusted.
That means monitoring network activity. “If you’re not monitoring, how do you know what’s broken or what’s going on?” Woods says. He recently got a monitoring alert at one client that a staffer was visiting a suspicious website. It turned out that the user had downloaded a TOR browser, which is designed for anonymous web surfing and often used to access the dark web.
If monitoring or any other security measure is too costly, note that in the practice’s risk assessment and policies. “Write that you looked into full-blown monitoring and couldn’t afford it,” Woods says. Then describe the actions taken to mitigate the risk, such as inhibiting the ability of users to install software and keeping security patches and software updated.
“The common misconception is that HIPAA mandates perfection,” Shoe says. “What they actually mandate is a to get better every year.”
